Although you can use this operation while testing your application, you never call it in production. To authenticate a real customer, you must use the Account Enroll or Authentication KBA component.
You use this operation to submit the customer's answers to the questions that were retrieved in the Retrieve Authentication Questions call that's identified by the authToken request property.
If the answers are correct (HTTP status 200), the operation returns a userToken that identifies the authenticated customer. You use this token as the value of the x-credmo-user-token header in subsequent API calls.
If the operation returns a 206 response, the authentication provider has determined that the customer must answer some more questions. This can happen when, for example, too many of the questions were (correctly) answered with "None of the above". The additional questions are included in the response body, which takes the same form as the Retrieve Authentication Questions response.
If the customer provides a wrong answer to one or more of the questions, the operation returns 401. If you want to continue with this customer, you must retrieve a new set of questions by calling Retrieve Authentication Questions. Retrieving a new set of questions is a billable event.
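The three outcomes above can be handled in a test harness as follows. This is an added example, not code from the API's own documentation; it assumes that userToken is a top-level field of the JSON response body, and the cap on follow-up rounds and the sample bodies are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Any, Optional

MAX_FOLLOW_UP_ROUNDS = 2  # assumption: local policy, not a documented limit


@dataclass
class KbaOutcome:
    state: str                         # "authenticated" | "more_questions" | "failed"
    headers: Optional[dict] = None     # headers for subsequent API calls (200 only)
    questions: Any = None              # opaque follow-up question payload (206 only)
    needs_new_questions: bool = False  # True: continuing needs a new, billable retrieval


def handle_answer_response(status: int, body: dict, rounds_so_far: int = 0) -> KbaOutcome:
    """Map one answer-submission response to the next step of a test flow."""
    if status == 200:
        token = body.get("userToken")  # assumed field location
        if not isinstance(token, str) or not token:
            # A 200 without a usable token is never treated as authenticated.
            return KbaOutcome("failed")
        return KbaOutcome("authenticated", headers={"x-credmo-user-token": token})
    if status == 206:
        if rounds_so_far >= MAX_FOLLOW_UP_ROUNDS:
            # Stop instead of looping on follow-up questions indefinitely.
            return KbaOutcome("failed")
        # Same form as the Retrieve Authentication Questions response;
        # passed through untouched for the caller to render.
        return KbaOutcome("more_questions", questions=body)
    if status == 401:
        # Wrong answer: this question set is finished. A new set is billable,
        # so the caller decides; this function never retries on its own.
        return KbaOutcome("failed", needs_new_questions=True)
    # Any other status is not a documented result of this operation.
    return KbaOutcome("failed")


# Constructed sample responses (status, body); all values are placeholders.
SAMPLES = [
    (200, {"userToken": "constructed-token"}),
    (206, {"questions": ["constructed follow-up question"]}),
    (401, {}),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, handle_answer_response(status, body).state)
```

Keep the userToken out of logs and test reports, since it stands in for the authenticated customer in later calls.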